I woke up to some fantastic news this morning. The Indian government’s draft digital personal data protection bill (DPDPB), which was first published in November 2022, has been reviewed and endorsed by the parliamentary standing committee on Information Technology, according to Union Minister Ashwini Vaishnaw.
What does this bill mean, and its impact on Industry and Individual citizens?
- DPDPB focuses only on digital personal data, thereby doing away with regulating the use of non-personal data. It applies to the processing of this data within the territory of India or outside of India when related to business activities involving data principals within India.
- Under the bill, personal data refers to “any data about an individual who is identifiable by or in relation to such data”. Examples include the full name, mobile number, PAN card, driver’s license number, bank account number, passport number, and email address, etc.
- The DPDP Bill focuses primarily on three types of stakeholders: Data Fiduciaries, Data Processors, and Data Principals.
- Under this draft bill, any entity that processes user data, known as a Data fiduciary, must provide a detailed notice which is clear and in simple language to users outlining the data that will be collected. Additionally, users must be given the right to manage, give, and withdraw consent for their information to be shared.
- Data Processors are companies that process data on behalf of data fiduciaries, and they have similar obligations to that of Data Fiduciary and Data Principals are the individuals who provide their personal data to data fiduciaries and have a range of rights, including the right to correct or update their personal data, or request its erasure if it’s no longer needed for its stated purpose.
- The bill includes specific protections for children/minors. Data fiduciaries are prohibited from tracking or monitoring children’s behavior and advertising directed at children.
- Non-compliance with provisions stated by the bill could result in penalties of up to Rs 500 crore.
I would like to conclude that the DPDP Bill carries similarities to other data protection laws that require personal data protection to prevent data breaches. The restriction of the use of customer data to its stated purpose, the forbidding of the retention of personal data when it’s no longer needed for its stated purpose, the requirement of notification of impacted individuals in the event of a data breach, and the granting of certain rights to individuals over their personal data are inline with International standards.
Global enterprises and common people are already leveraging technology solutions such as ZUNU, developed by Ziroh Labs, to help them comply with laws like GDPR and other privacy laws worldwide. ZUNU by Ziroh Labs Inc is a leading Data Privacy and Productivity Solution that provides a highly secure and tightly controlled environment for managing, monitoring, and utilizing personal data. Zunu ensures adherence to stringent data privacy regulations such as DPDP and GDPR when it comes to protecting files and emails stored and shared from all types of devices. In addition, the platform utilizes advanced data protection techniques such as Full homomorphic encryption and the latest access control technologies to isolate and safeguard personal data from internal and external breaches.
To learn more about how ZUNU and how it can protect personal data privacy while maintaining current productivity levels within existing technology infrastructure.